All geek questions in one place

How to edit the authorization header of an HTTP GET request coming from a hyperlink (<a href> tag)

I have an Angular application that stores JWT tokens in localstorage to provide authentication. What I want to do is figure out how to grab this JWT token and paste it into a GET HTTP request that displays as a completely new web page (NOT an returned object from an XMLHTTP request that displays on the same page ...),

Is it possible? The only way I found something like this is to use basic HTTP authorization, for example:

username: password@www.hypotheticalwebsite.com

And I suppose I can go all my JWT there.

I use Express.js to handle routing on my Node.js server.

+5
source share
1 answer

Just read the JWT from your locale repository and then insert the JWT in the authorization header or you can add it as a GET parameter.

I would recommend a headline.

On the next side, just read the JWT.

If processing is required on all pages of the express instance, do so in the express middleware.

Update

If you want to use a regular link, you must use a parameter, for example ?auth_token=12345 .

To add this header, you can use $http and use the method in your controller. For instance:

controller

 $scope.openLink = function() { var config = { headers: { 'Authorization': '12345', } }; $http.get("<your url>", config); }

View

 <a href="#" ng-click="openLink()">Test</a>

Admin Security Interface

To be safe, you must add roles to your api and allow administrative calls to administrators, and also check on the angular side if the user is allowed to open the user interface with the role that the user has. There are several acl modules for angular, such as: github.com/mikemclin/angular-acl

+3
source

Source: https://habr.com/ru/post/1241907/

More articles:


All Articles